Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
NFSSVC(2)		    BSD	System Calls Manual		     NFSSVC(2)

     nfssvc -- NFS services

     Standard C	Library	(libc, -lc)

     #include <sys/param.h>
     #include <sys/mount.h>
     #include <sys/time.h>
     #include <nfs/rpcv2.h>
     #include <nfs/nfs.h>
     #include <unistd.h>

     nfssvc(int	flags, void *argstructp);

     The nfssvc() function is used by the NFS daemons to pass information into
     and out of	the kernel and also to enter the kernel	as a server daemon.
     The flags argument	consists of several bits that show what	action is to
     be	taken once in the kernel and the argstructp points to one of three
     structures	depending on which bits	are set	in flags.

     On	the client side, nfsiod(8) calls nfssvc() with the flags argument set
     to	NFSSVC_BIOD and	argstructp set to NULL to enter	the kernel as a	block
     I/O server	daemon.	 For NQNFS, mount_nfs(8) calls nfssvc()	with the
     NFSSVC_MNTD flag, optionally or'd with the	flags NFSSVC_GOTAUTH and
     NFSSVC_AUTHINFAIL along with a pointer to a

     struct nfsd_cargs {
	     char	     *ncd_dirp;	     /*	Mount dir path */
	     uid_t	     ncd_authuid;    /*	Effective uid */
	     int	     ncd_authtype;   /*	Type of	authenticator */
	     int	     ncd_authlen;    /*	Length of authenticator	string */
	     u_char	     *ncd_authstr;   /*	Authenticator string */
	     int	     ncd_verflen;    /*	and the	verifier */
	     u_char	     *ncd_verfstr;
	     NFSKERBKEY_T    ncd_key;	     /*	Session	key */

     structure.	 The initial call has only the NFSSVC_MNTD flag	set to specify
     service for the mount point.  If the mount	point is using Kerberos, then
     the mount_nfs(8) daemon will return from nfssvc() with errno == ENEEDAUTH
     whenever the client side requires an ``rcmd'' authentication ticket for
     the user.	Mount_nfs(8) will attempt to get the Kerberos ticket, and if
     successful	will call nfssvc() with	the flags NFSSVC_MNTD and
     NFSSVC_GOTAUTH after filling the ticket into the ncd_authstr field	and
     setting the ncd_authlen and ncd_authtype fields of	the nfsd_cargs struc-
     ture.  If mount_nfs(8) failed to get the ticket, nfssvc() will be called
     note a failed authentication attempt.

     On	the server side, nfssvc() is called with the flag NFSSVC_NFSD and a
     pointer to	a

     struct nfsd_srvargs {
	     struct nfsd     *nsd_nfsd;	     /*	Pointer	to in kernel nfsd struct */
	     uid_t	     nsd_uid;	     /*	Effective uid mapped to	cred */
	     u_int32_t	     nsd_haddr;	     /*	Ip address of client */
	     struct ucred    nsd_cr;	     /*	Cred. uid maps to */
	     int	     nsd_authlen;    /*	Length of auth string (ret) */
	     u_char	     *nsd_authstr;   /*	Auth string (ret) */
	     int	     nsd_verflen;    /*	and the	verfier	*/
	     u_char	     *nsd_verfstr;
	     struct timeval  nsd_timestamp;  /*	timestamp from verifier	*/
	     u_int32_t	     nsd_ttl;	     /*	credential ttl (sec) */
	     NFSKERBKEY_T    nsd_key;	     /*	Session	key */

     to	enter the kernel as an nfsd(8) daemon.	Whenever an nfsd(8) daemon re-
     ceives a Kerberos authentication ticket, it will return from nfssvc()
     with errno	== ENEEDAUTH.  The nfsd(8) will	attempt	to authenticate	the
     ticket and	generate a set of credentials on the server for	the ``user
     id'' specified in the field nsd_uid.  This	is done	by first authenticat-
     ing the Kerberos ticket and then mapping the Kerberos principal to	a lo-
     cal name and getting a set	of credentials for that	user via.  getpwnam(3)
     and getgrouplist(3).  If successful, the nfsd(8) will call	nfssvc() with
     the NFSSVC_NFSD and NFSSVC_AUTHIN flags set to pass the credential	map-
     ping in nsd_cr into the kernel to be cached on the	server socket for that
     client.  If the authentication failed, nfsd(8) calls nfssvc() with	the
     flags NFSSVC_NFSD and NFSSVC_AUTHINFAIL to	denote an authentication fail-

     The master	nfsd(8)	server daemon calls nfssvc() with the flag
     NFSSVC_ADDSOCK and	a pointer to a

     struct nfsd_args {
	     int     sock;   /*	Socket to serve	*/
	     caddr_t name;   /*	Client address for connection based sockets */
	     int     namelen;/*	Length of name */

     to	pass a server side NFS socket into the kernel for servicing by the
     nfsd(8) daemons.

     Normally nfssvc() does not	return unless the server is terminated by a
     signal when a value of 0 is returned.  Otherwise, -1 is returned and the
     global variable errno is set to specify the error.

     [ENEEDAUTH]	This special error value is really used	for authenti-
			cation support,	particularly Kerberos, as explained

     [EPERM]		The caller is not the super-user.

     mount_nfs(8), nfsd(8), nfsiod(8)

     The nfssvc() function first appeared in 4.4BSD.

     The nfssvc() system call is designed specifically for the NFS support
     daemons and as such is specific to	their requirements.  It	should really
     return values to indicate the need	for authentication support, since
     ENEEDAUTH is not really an	error.	Several	fields of the argument struc-
     tures are assumed to be valid and sometimes to be unchanged from a	previ-
     ous call, such that nfssvc() must be used with extreme care.

BSD				 June 9, 1993				   BSD


Want to link to this manual page? Use this URL:

home | help